Email server on a thin client
I have successfully turned my underpowered Futro S550-2 thin client into a very capable email server. The setup involved software installations, DNS and firewall configuration, and an additional SMTP relay service since the outbound connections on port 25 are blocked by my ISP.
Know your limits
To spare you the time, I will start with the limitations. By using the free tiers of the software and services involved in the process, there are of course some limits that you should know about:
Axigen free mail server limits
5 domains, 5 users, 5 groups
SocketLabs free plan (for SMTP relay)
2000 mails per month
If your ISP does not block port 25, you don't need the SMTP relay. To test whether that's the case, use the following command on the server:
telnet 188.8.131.52 25
If the outcome of the telnet command is like the following, then you have to use an SMTP relay service.
Trying 184.108.40.206...
telnet: Unable to connect to remote host: Connection refused
Use Google to search for one that suits you. I went ahead with the one provided by SocketLabs, since it was fast to set up and the 2000 emails per month for the free plan are plenty for my use. Note the 4.883 GB Bandwidth associated with the 2k emails.
The included bandwidth is based on 128 kilobytes per message included on your Order. If the total size of your messages for the month exceeds 128 kilobytes multiplied by the base number of messages included on your Order per month, you will be billed for the extra bandwidth overage at a rate of ten U.S. dollars ($10) per gigabyte.
Final software stack
Linux server: Ubuntu Server 20.04 LTS
Email server: Axigen's Free Mail Server
SMTP relay: SocketLabs (optional)
Once I had everything installed, I had to configure my DNS to handle mail. That's done by adding two additional records. An A record with Host = mail and Value = your IP address, like this:
And now the MX record, Host = @ and Value = your hostname
Since you are configuring your DNS, take the time to add a new TXT record to your domain _dmarc.your.domain with the following value: v=DMARC1; p=none
A DMARC policy allows a sender to indicate that their emails are protected by SPF and/or DKIM, and give instruction if neither of those authentication methods passes. Please be sure you have a DKIM and SPF set before using DMARC.
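A small audit of the DMARC record value above, as an added example that is not part of the original post: it parses the tags and reports what the page's v=DMARC1; p=none record does and does not ask receivers to do. The quarantine record and the rua address are constructed samples, and the tag names follow RFC 7489.

```python
# Added example: audit a DMARC TXT record value (tag names per RFC 7489).
# Sample records are constructed; "your.domain" is the page's placeholder.

VALID_POLICIES = {"none", "quarantine", "reject"}


def parse_dmarc(txt: str) -> dict:
    """Split 'tag=value; tag=value' into a dict; v=DMARC1 must come first."""
    tags, first = {}, None
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue  # tolerate a trailing ';'
        name, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed tag: {part!r}")
        name = name.strip().lower()
        first = first or name
        tags.setdefault(name, value.strip())
    if first != "v" or tags.get("v") != "DMARC1":
        raise ValueError("record must start with v=DMARC1")
    return tags


def audit_dmarc(txt: str) -> list[str]:
    """Return human-readable findings for one DMARC record value."""
    tags = parse_dmarc(txt)
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in VALID_POLICIES:
        findings.append(f"invalid or missing p= ({policy or 'absent'})")
    elif policy == "none":
        findings.append("p=none: receivers are asked to take no action on failing mail")
    if "rua" not in tags:
        findings.append("no rua=: no aggregate reports are requested")
    pct = tags.get("pct", "100")
    if not pct.isdigit() or not 0 <= int(pct) <= 100:
        findings.append(f"pct={pct} is not an integer between 0 and 100")
    elif int(pct) < 100 and policy != "none":
        findings.append(f"pct={pct}: policy applies to only part of failing mail")
    return findings


if __name__ == "__main__":
    for record in (
        "v=DMARC1; p=none",                                      # from the page
        "v=DMARC1; p=quarantine; rua=mailto:dmarc@your.domain",  # constructed
    ):
        print(record, "->", audit_dmarc(record) or ["no findings"])
```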
DKIM and SPF are already in place, provided by the SocketLabs server. Read more about DMARC here. I'm using mail-tester.com to test the server, and if everything's good, you'll have the following result:
But you're not there yet, since your firewall doesn't allow the email ports to communicate with the outside world. Let's take care of that.
So open pfsense admin GUI and head to Firewall / NAT / Port Forward. You have to create a new rule, as the one in the screenshot below:
Notice that I'm using aliases: mailserver holds the IP address of the mail server, and mailports holds the ports 25, 465, and 993. Test the rule using whatsmyip.com port scanner.
If you have problems sending emails, and the telnet check on port 25 fails, you have to rely on using an SMTP relay with a provider like SocketLabs. Instructing Axigen to use this smart host delivery is done in the Message Routing Settings / Routing Basic Settings:
Select Deliver through smart host, set the Host to smtp.socketlabs.com, and use 587 for the port. Outbound mail then no longer goes out on port 25, which your ISP is blocking.
I'm sure that you can do the same using postman, but since I'm the only user and the features of Axigen are way beyond my needs, I will continue to use this setup.
If you noticed, in the pfsense port alias I didn't expose the WebMail interface, but since it's very well done and modern, I'm using it internally on my network. Just take a look:
Did I mention it's made in Romania? Well done guys, wonderful job!
So there you have it! A little thin client that's doing a great job of being an email server! If you send me an email and I still have some bandwidth left on SocketLabs, I will respond :) Otherwise use the comments below if you feel chatty.